[Haskell-cafe] Re: Password hashing

Achim Schneider barsoap at web.de
Wed Oct 29 13:43:37 EDT 2008

Bulat Ziganshin <bulat.ziganshin at gmail.com> wrote:

> Hello Bit,
> Wednesday, October 29, 2008, 4:32:51 PM, you wrote:
> >> It's a good idea to salt your passwords before hashing, though. See
> > What can be used for generating a random salt? Is System.Random
> > secure enough?
> if you use mkStdRNG it's good enough for non high-secure programs. it
> inits rnd generator with current time upo to picoseconds (if your OS
> provides such granularity). you can add a bit f security by reading a
> few bytes from /dev/urandom and passing these to mkStdRNG
...or by pinging a random host and taking the time difference, checking
the current cpu temperature and fan speed, counting how many times
your process gets suspended in a certain amount of time, taking a
picture of a lava lamp and hashing it, booting windows, not doing
anything, and measure the time it takes to crash, hashing a snapshot
of the slashdot frontpage, and, last, but not least, measuring the
amount of spam per second currently swooshing into your mail account.

(c) this sig last receiving data processing entity. Inspect headers
for copyright history. All rights reserved. Copying, hiring, renting,
performance and/or quoting of this signature prohibited.

More information about the Haskell-Cafe mailing list